Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

An anonymous reader writes "Despite weaknesses in the Linux-hostile 'secure boot' mechanism, both Fedora and Ubuntu decided to facilitate it, by essentially adopting two different approaches. Richard Stallman has finally spoken out on this subject. He notes that 'if the user doesn't control the keys, then it's a kind of shackle, and that would be true no matter what system it is.' He says, 'Microsoft demands that ARM computers sold for Windows 8 be set up so that the user cannot change the keys; in other words, turn it into restricted boot.' Stallman adds that 'this is not a security feature. This is abuse of the users. I think it ought to be illegal.'"

All those Win8 machines people are going to kick to the curb, and places like RE-PC won't even be able to make sell them as "boot only" boxes ready for another OS because the boot is locked down at the hardware level.

Manufacturers should be free to do whathever they want with the devices they create.

This is prima facie absurd. Should they be able to use lead paint too? There always have to be limits on how products are made for society to function. What is wrong with allowing the board to boot another OS? The manufacturer still made the same amount of money. The hackers won't be slowed down for long by secure boot. It is a scheme to enrich Microsoft and rob consumers. Have fun supporting it.

I also can understand hardware requirements for a licensed OS, such a certain button layout, screen resolution, etc. Those make sense and ensure it runs as intended.

You are trying to conflate secure boot to having buttons in a certain arrangement? Yep, I'm definitely on Slashdot tonight.

It is even worse than that - if it is wont be possible to change the certificate on a machine and that certificate get compromized, then it means there is no security anymore neither... The device is now junk after maybe one month of owning it. You need a new device regardless. And dont tell me you have not heard of the certificates for BlueRay and so on being compromised...

The alternative - Microsoft can remotely update the certificate, but that also mean any remote attacker who break the key can change it... Again, no security... The only way to make it secure in the long run is to allow users change the key when needed.

But as soon as you let manufacturers do as they wish with the devices they sell that is the natural progression. That is why in many countries in the world the buyer have rights that conflict with this idea. Here in Brazil, for example it is illegal to lock cellphone devices to specific carriers, for example, and personally I think that is right. Once you buy something you should be entitled to do whatever you wish with it.

Any time I see a response to the tune of "... so and so is free to make a choice about such and such", I also think that there is no such thing as "free to choose" if one does not/can not/will not understand the finer details involved in that choice.

I can only freely choose to not buy this if I understand what does and does not work and how it can/will impact me. Most typical computer purchases are not made with this level of understanding.

Buy an x86 tablet or ultrabook with a secureboot implementation that is required to be unlocked. The only reason the ARM based tablets will have a locked boot loader is that they will be sold through telco's that demand the lockdown in order to sell or support the devices.

There are legal reasons for the present arrangement. When Microsoft was investigated for antitrust in the past, the scope of its monopoly was defined in the trial as "Intel based personal computers". Hence locking down Intel will likely trigger another round, in EU if not in US. On ARM, Apple is king, so if it's good for them, it's good for MS.

Funny you should mention blu-ray. I just bought a blu-ray player and the Firefly blu-ray discs (full series plus the movie). The player and the discs were such a PITA to use that I returned everything as defective. The fact that the player also skipped when playing regular DVDs was bad, and the ridiculously bad user interface and slow load times, and hopelessly slow and useless 'web interface'.

But the fact that one has to sit through (feels like) 10 minutes of WARNING COPYING IS EVIL messages at the start, and another 10 minutes of WARNING COPYING IS EVIL at the end OF EACH EPISODE, IN FOUR DIFFERENT LANGUAGES was beyond the pale. AFAI am concerned, this ridiculous waste of my time constitutes a defective product. So, no more blu-ray for me, and $200 of lost sales for the vendors - not to mention that Samsung will have to repackage the player for resale.

For perspective, had I kept the blu-ray it's likely I would have spent $300 over the next year on videos. And I need a big screen TV, preferably with passive 3D (I happen to like 3D). So that's a total of about $1500 in lost sales - sorry folks, get your act together. Until I can watch a 3D blu-ray movie on a device of MY choosing, _at least_ as easily as I can watch a DVD now (preferably easier), my money will stay home.

I had read the various complaints from/.ers and others about the problems with blu-ray, and now I have experienced them first hand. I'm no pirate - the only videos I've downloaded have been from archive.org, and authorized ones. But I was sorely tempted to buy a blu-ray drive for my desktop (which I was going to set up with MythTV anyway) and rip the Firefly discs. I would have even kept them, if I could watch the stupid things without so much hassle. They've actually made watching a movie in your own home a bigger hassle than driving to the theatre (in my case a 40 minute drive, and paid parking to boot).

I wonder if a class action suit against the media companies regarding the lack of usability and lack of fair use would succeed.

In any case, this UEFI thing appears to be the first step in destroying the personal computing device market and turning it into a monopolist's dream, following the blu-ray debacle. If all else fails, I'll just spend the time on my sailboat, and exude feelings of pity for young whippersnappers who are growing up with no alternative to being 'sharecroppers' for the media.

There is no evidence for this, except contrary evidence that Windows XP and 7 Slates were more expensive than iPads by quite a margin. In fact the unwillingness of OEMs to build Windows 8/RT tablets leading to MS having to build their own Surface seems based on the fact that they (OEMs) could not build any that would be competitive pricewise with iPad given they would have to give MS $80.00.

MS may well have to subsidize Surface, they will _not_ be cheap.

With x86 tablets, they will be even more because the i5 is way more than an ARM SoC.

Actually the thing people are missing that I just remembered: This will now make it a DMCA violation to circumvent the bootloader process. That is probably the REAL intention of this. Being able to restrict people's ability to install alternate software is just a bonus (and honestly, tell me you can't emulate everything in the chain necessary to get it to boot given that the keys are presumably in the bios (unless TPMs have become mandatory in the meantime as well?)

Due to the niche factor, it'd also be more expensive. If Microsoft does declare secure boot must be manditory at some future date, which seems dangerously likely based on their past behavior, then those who want to run linux may only be able to do so on specialist or server hardware that costs far more. This eliminates one of Linux's major advantages, the price, as well as making it difficult for new users to start dabbling.

Given the density of NOR flash these days - and no, I'm not talking about SSDs - can't any vendor just throw the Linux kernel into the BIOS, and then have everything else - from x11 and up - on the HDD/SSD? That way, the booting experience will be smooth w/o needing to have GRUB or GRUB2, and beyond that, everything will be on the hard drive. Note that this assumes that only 1 OS is on the computer (which is the way I generally prefer it - I don't have any computer share OSs.

Let me clarify what some people are saying about how Microsoft can't demand locked BIOS because of anti-trust laws.

They are wrong. MS can demand secure boot. As long as there is a way for other comercial companies to get into this scheme, they can't be accoused of monopolizing the market.

And why would they? Secure boot won't prevent Google from releasing another TV OS. Won't prevent Apple from selling more iPads, won't even prevent System 76 from selling Ubuntu. But your S76 laptop won't have the DRM hardware module to run Netflix and your PVR that does have it won't install another OS.

Freedom will be isolated to specific machines to be easily ignored while all useful applications will be restricted to a "safe zone". That is, safe from user's freedom.